Thursday, April 26, 2012

When You Should Disable Root Login…Or Not

When should you disable root login? Disabling root login is a super
easy trick to increase security on your machine. Let’s take a look at
why and when you should disable the root login and also when it’s OK to
keep root login enabled. Root or administrator users are the default
users on almost all systems. By their name, we know that they have all
privileges on the machine and control everything. In previous articles
I’ve suggested several times that disabling root login and creating root
privilege users is a good security practice, but in reality you don’t
always have to do this. Let’s first look at when it is best practice
to disable root login.

Can your server be accessed by anyone on the internet?
What does this mean? Well, for example, if you can be on any computer
at any location on the internet and SSH to your machine, then your
server can be accessed by anyone on the internet. Since the root user
has all the powers AND we know that almost every Linux machine comes
with the root user enabled, guessing or trying to crack the root
user’s password is the basic place to start if you’re trying to penetrate
a system.
Bots can automatically scan for the open SSH port and start trying to
break into your system using the root user and random passwords.
By creating a user with root privileges and disabling the
root login, you remove this from the equation. Bots (or people)
generally aren’t out there trying to guess usernames AND passwords, so
this increases the security of your system.

When is it OK to leave root login enabled?
As several members of the Pinehead community have pointed out,
it is OK at times to leave the root user enabled. Again, I will say it
is BEST practice to change the root username and/or disable the root
password. However, if your server is offline and is only located on a local network,
you don’t have to worry about hackers or bots trying to penetrate your
system. By the very nature of a local network they don’t even have
access to the system to even try accessing it as root.

If you can only access your servers from a VPN
Again, this is the same as your servers being only accessible on the
local network. VPNs create another layer of protection. In order to
access the VPN you’ll need permissions; from there you can log in to your
server.

All login is disabled except from console
Let’s say your server is behind a firewall that only allows access to
port 80. Then port 22 (SSH) isn’t even available to the whole internet
for someone or something trying to penetrate your system. You could
also just remove the services that allow remote login. If you only allow
access to the server via console login (being physically in front of
the server) then there is no reason to disable root login.

Last but not least… You don’t mind taking the chances of a break-in
If you just don’t care that someone or something “could” ever break in
or you think the odds are against it, then leave it open. The odds are
rather low that this will happen to you, but that doesn’t mean it won’t
or that you shouldn’t take some steps to protect your system. This
includes disabling root login, only allowing login at the console,
putting your server behind a VPN, or making your server available only
on the local network.
At the end of the day it’s easier to just disable root login via SSH, as suggested in a previous tut (Disable Root Login via SSH), or to allow access via SSH keys.
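To check which of the two options above (root login disabled, or root limited to SSH keys) a config actually applies, here is an added example that is not from the original post or the linked tutorial. The function names and the two sample configs are constructed for illustration; `PermitRootLogin` and its values are the real sshd_config keyword.

```sh
#!/bin/sh
# Added example: report the global PermitRootLogin value in sshd_config text.
# sshd keeps the first value it obtains for a keyword (keywords are
# case-insensitive), so a later duplicate line does not override an earlier one.

# Read config text on stdin; print the value, or "unset" if the keyword is
# absent from the global section (sshd then uses its built-in default).
effective_root_login() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }   # drop comments, allow key=value
        NF == 0 { next }                     # skip blank lines
        tolower($1) == "match" { exit }      # Match blocks are conditional
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# Turn the value into a verdict for a server reachable from the internet.
classify_root_login() {
    case "$1" in
        no) echo "OK: root cannot log in over SSH" ;;
        prohibit-password|without-password)
            echo "OK: root is limited to key-based login" ;;
        forced-commands-only)
            echo "OK: root is limited to keys with forced commands" ;;
        yes) echo "WEAK: this setting does not restrict root login" ;;
        unset) echo "CHECK: falls back to the sshd built-in default" ;;
        *) echo "CHECK: unrecognized value '$1'" ;;
    esac
}

audit() { classify_root_login "$(printf '%s\n' "$1" | effective_root_login)"; }

# Constructed sample configs (not taken from any real host).
WEAK_CFG='Port 22
PermitRootLogin yes
PasswordAuthentication yes'

HARDENED_CFG='# constructed hardened sample
permitrootlogin no
PermitRootLogin yes   # ignored, the first value wins
PasswordAuthentication no'

audit "$WEAK_CFG"
audit "$HARDENED_CFG"
```

On a live host, `sshd -T` (run as root) prints the effective configuration, including any `Include` files that this text-only check does not follow.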
Have a suggestion on this? Or other suggestions on protecting your system? Post them in the comments.